Recently I reviewed some of the patching techniques around ESXi and vCenter Server.

The question I wanted to know more about was – How are products (vCenter and ESX(i)) patched (4.0 and above)?

What I found was “it depends” :) but I remember them this way…

Note – Before I apply ANY patch or update I always check the HCL, check with my hardware vendor, and read the release notes as most patches contain prerequisites.

vCenter Server is simple, I remember it this way “Patches? Patches? We don’t need no stinkin’ Patches…”

ESXi — Can be a bit more complicated… It’s more like this — “I’d like the pie heated and I don’t want the ice cream on top, I want it on the side, and I’d like strawberry instead of vanilla if you have it, if not then no ice cream just whipped cream but only if it’s real; if it’s out of the can then nothing.”

Here is a bit more depth –

vCenter Server (VC) Windows Edition –

VC 4.x, 5.0 and 5.1 – There are no patches for vCenter Server, only full update packages which contain all the content. AKA – Patches are included in each release.

VC 5.5 – No patches for VC, just updates, but there are patches for tcServer and JRE. These patches will be released on an as-needed basis.

It’s pretty simple, if you want to patch your vCenter Server then just install an Update, but do your homework first.

ESXi —

First off, Patches are not exactly cumulative, and depending on how you update ESXi, the Build numbers and sub-components can be off.

Trying to simplify this… it’s not a cut and dry method but here is what I found…

In most cases (not all) it seems to come down to two ways of updating your host. Ask yourself this:

1. Do you want ESXi to report the more accurate Build Number and have all the underlying sub-components (Virt Hardware, Tools, etc) up to date?

2. OR is it more important to just have a specific Patch installed?

If Yes to “more accurate Build Number” then this is suggested…

Update ESXi to the latest Update, then apply the latest Patch.

This should ensure the sub-components contained within are updated uniformly and the build number should report properly.

Accurate Build Number Example – You are at ESXi 4.1U1, update it to ESXi 4.1U3 first, then Apply Patch 9

The result should yield an ESXi server and sub-components fully up to date.

If Yes to “more important to just have a specific Patch” then the simple answer is to just apply that patch.

However depending on your current level of ESXi the patch may not contain all the updated sub-components.

It will contain the Patches and Security updates documented in its KB or release notes.

Specific Patch Example – You are at ESXi 4.1U1, Just Apply Patch 9

The result should yield an ESXi Server with Patch 9 and the sub-components may not be updated, it depends on the patch

This may also change the build number to reflect an unexpected result, meaning it may not look like the build number for ESXi 4.1U1 or Patch 9, it may be somewhere in between.
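One way to see which sub-components a patch-only host left behind, as an added example that is not from the original post: compare its VIB inventory with that of a reference host that took the Update-then-Patch path. It assumes ESXi 5.x, where `esxcli software vib list` prints the inventory in the column layout shown; the VIB names are real ESXi components, but every version and build string is constructed.

```python
# Added example: diff the VIB inventory of two hosts to find sub-component drift.
# Input is text in the column layout of `esxcli software vib list` (ESXi 5.x).
# Assumption: all version and build strings below are constructed for illustration.

REFERENCE_HOST = """\
Name         Version             Vendor  Acceptance Level  Install Date
-----------  ------------------  ------  ----------------  ------------
esx-base     5.1.0-9.9.1000300   VMware  VMwareCertified   2014-01-10
tools-light  5.1.0-9.9.1000300   VMware  VMwareCertified   2014-01-10
net-e1000    8.0.3-9.5.1000200   VMware  VMwareCertified   2014-01-09
"""

PATCH_ONLY_HOST = """\
Name         Version             Vendor  Acceptance Level  Install Date
-----------  ------------------  ------  ----------------  ------------
esx-base     5.1.0-9.9.1000300   VMware  VMwareCertified   2014-01-10
tools-light  5.1.0-9.1.1000100   VMware  VMwareCertified   2013-03-02
net-e1000    8.0.3-9.1.1000100   VMware  VMwareCertified   2013-03-02
"""


def parse_vib_list(text):
    """Return {vib_name: version} from `esxcli software vib list` style text."""
    vibs = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip blank lines, the header row and the dashed separator row.
        if len(fields) < 2 or fields[0] == "Name" or set(fields[0]) == {"-"}:
            continue
        vibs[fields[0]] = fields[1]
    return vibs


def vib_drift(reference_text, host_text):
    """List (name, host_version, reference_version) for every VIB that differs.

    host_version is None when the VIB is missing from the host.
    """
    reference = parse_vib_list(reference_text)
    host = parse_vib_list(host_text)
    return [
        (name, host.get(name), ref_version)
        for name, ref_version in sorted(reference.items())
        if host.get(name) != ref_version
    ]


if __name__ == "__main__":
    for name, have, want in vib_drift(REFERENCE_HOST, PATCH_ONLY_HOST):
        print(f"{name}: host has {have}, reference has {want}")
```

Both sample hosts report the same `esx-base` version, so only the per-VIB comparison shows that the tools and driver packages differ.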

Last Monkey Wrench in this mix… Express Patches with ESXi

This is the exception to the statements above and adds a couple of new rules…

Express Patches typically fix only a very specific function, and they typically are NOT cumulative.